Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook

Lucent Technologies BCS Products Security Handbook

Download as PDF Print this page Share this page

Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

View all the pages

Add page 201 to Favourites

image text

Enable zoom

BCS Products
Security Handbook
555-025-600 Issue 6
December 1997
Automated Attendant
Page 6-13 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85
6
Traffic Reports
Both the AUDIX Voice Mail System and the AUDIX Voice Power System track
traffic data over various timespans. Reviewing these reports on a regular basis
helps to establish traffic trends. If increased activity or unusual usage patterns
occur, they can be investigated immediately. Beginning with AUDIX Voice Mail
System R1V2, the AUDIX Data Acquisition Package (ADAP) uses a PC to provide
extended storage and analysis capabilities for the traffic data.
Call Detail Recording
For AUDIX Voice Mail System R1V5 and later, this optional feature provides a
detailed view of the activity associated with each voice mail session, outgoing
calls, and system-wide activity.
Voice Session Record
A voice session begins whenever a caller attempts to log into the AUDIX Voice
Mail System, is redirected to the AUDIX Voice Mail System for call answering,
enters or , transfers from one automated attendant to another
automated attendant (nested), or is transferred by the Enhanced Automated
Attendant feature.
The record reveals the routing of the call, including the caller (if internal), recipient,
port, community, mail IDs (corresponds to the AUDIX Voice Mail System
subscriber’s extension number input during a login or as input by the calling
party), the time and duration of the call, the type of session (voice mail, call
answer, guest password, or automated attendant), the message activity, and
number of login attempts.
Also reported is the session termination method. Each possible termination
method is assigned a value as shown in Table 6-3
. This information can be
downloaded to a PC using ADAP to be available on demand or at scheduled
intervals.
*R**R

Add page 202 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-14 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
6
Outgoing Voice Call Detail Record
An outgoing call record is also created for every outbound call that is originated by 
the AUDIX Voice Mail System via a voice port. This includes call transfers, 
outcalling, and message waiting activation and/or deactivation via access codes. 
A record is also created for call attempts for the Message Delivery feature.
The outgoing voice call detail record supplies the date the call was placed, the 
time, the AUDIX Voice Mail System port number used for the call, the duration of 
the call, the voice mailbox id, the number dialed, and the call type. These values 
are shown in Table 6-4
.
Table 6-3. AUDIX Voice Mail System Session Termination Values
VALUEREASON FOR SESSION TERMINATION
01 Caller transferred out of the AUDIX Voice Mail System
02 Caller disconnected established call
03 Caller abandoned call before the AUDIX Voice Mail 
System answered
04 Caller entered     
05 Caller entered     from Call Answer
06 Caller entered    from voice mail
07 The AUDIX Voice Mail System terminated the call due 
to a system problem
08 The AUDIX Voice Mail System terminated the call due 
to a caller problem (for example, full mailbox timeout)
09 The AUDIX Voice Mail System terminated a call 
originated by another AUDIX Voice Mail System
10 Transfer from an Automated Attendant to another 
Automated Attendant Mailbox
11 Transfer from an Automated Attendant to a Call 
Answer Mailbox
12 Transfer from an Automated Attendant to a Mailbox 
with Guest Greeting
**X
*R
**R

Add page 203 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-15 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
6
Unsuccessful call transfer attempts can result in multiple records being created for 
a single session. Review these records regularly for the following signs of hacker 
activity:
nFailed login attempts
nMultiple call transfers for a single session
nNumerous outbound calls from the same voice mailbox
nCalls to strange places
nHeavy volume of Transfer Out of AUDIX Voice Mail System calls
The AUDIX Voice Power System tracks traffic data over various timespans. 
Reviewing these reports on a regular basis helps to establish traffic trends. If 
increased activity or unusual usage patterns occur, they can be investigated 
immediately.
Table 6-4. Outgoing Call Type Values
VALUE OUTGOING CALL TYPE
10 Transfer from voice mail with     or   
11 Transfer from voice mail via return call
12 Transfer from call answer with    ,     or 
13 Transfer from Automated Attendant via menu 
selection
14 Transfer from Automated Attendant via extension 
specification
15 Transfer from Automated Attendant via time out
16 Transfer from Automated Attendant via   
17 Transfer from Bulletin Board via    ,     or 
20 Outcalling for any message
21 Outcalling for priority message
30 Message waiting activation/deactivation
40 Call Delivery
*T*0
*T*00
*T
*T*00

Add page 204 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-16 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
6
Protecting Automated Attendant on the 
AUDIX Voice Mail System 
This section discusses security measures implemented directly on the AUDIX 
Voice Mail System automated attendant. 
Disallow Outside Calls
The AUDIX Voice Mail System integrated with DEFINITY ECS, DEFINITY G1, 
G2, and G3, System 85 R2V4, and System 75 R1V3 (Issue 2.0) and later, provide 
a feature called Enhanced Call Transfer that only transfers AUDIX Voice Mail 
System calls to valid PBX extension numbers. With Enhanced Call Transfer, when 
an automated attendant caller enters an extension as a menu choice, the AUDIX 
Voice Mail System checks the digits to see if they match the extension length 
before sending the digits to the switch.
!CAUTION:
If Trunk Access Code (TAC) calls are permitted, they may be accepted as a 
valid extension number. Even with Enhanced Call Transfer activated, toll 
hackers can choose a menu option that allows an extension number, and 
then enter a TAC to get an outside line.
Another advantage of this feature is that when a toll hacker tries to enter an 
unauthorized number, the AUDIX Voice Mail System error message notifies the 
hacker that this automated attendant system is secure.
For DEFINITY ECS and DEFINITY G1 and G3:
1. On the AUDIX Voice Mail System system:appearance form, enter y in the 
Call Transfer Out of AUDIX field.
2. Enter y in the Enhanced Call Transfer field.
3. Press .
4. On the AUDIX Voice Mail System maintenance:audits:fp form, tab to the 
Service Dispatcher field and enter x.
5. Tab to the Start field and enter x.
6. Press .
7. On the switch, use change listed-directory-numbers to add a valid 
extension for your attendant.
For DEFINITY G2 and System 85:
1. On the AUDIX Voice Mail System system:appearance form, enter y in the 
Call Transfer Out of AUDIX field.
2. Enter y in the Enhanced Call Transfer field.
3. Press .
Change/Run
Change/Run
Change/Run

Add page 205 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-17 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
6
4. On the AUDIX Voice Mail System maintenance:audits:fp form, tab to the 
Service Dispatcher field and enter x.
5. Tab to the Start field and enter x.
6. Press .
7. On the switch, use PROC204 to assign a Listed Directory Number for the 
attendant console.
After you activate Enhanced Call Transfer, test it by following the steps below:
1. Dial into your AUDIX Voice Mail System automated attendant.
2. Press the menu choice to transfer to an extension.
3. Enter an invalid extension number followed by  . The failed 
announcement should play, followed by a prompt for another extension 
number.
4. Enter a valid extension number followed by  . You should notice that the 
call transfers much faster than with Basic Call Transfer.
NOTE:
In order to test correctly, you must first dial outside of the system, 
then dial back in on the number assigned to the automated attendant. 
A station to station connection will not test correctly.
Protecting Automated Attendant on the AUDIX
Voice Power System 
The AUDIX Voice Power System provides automated attendant functionality. 
Follow all recommendations for protecting the switch in Chapter 4, as well as 
those for protecting the AUDIX Voice Power System for the switch in Chapter 5. In 
addition, make sure that automated attendant selector codes do not permit 
outside line selection.
Protecting Automated Attendant on the
CONVERSANT Voice Information System 
The CONVERSANT Voice Information System provides automated attendant 
functionality. Follow all recommendations for protecting the switch in Chapter 4, 
as well as those for protecting the CONVERSANT Voice Information System for 
the switch in Chapter 5. In addition, make sure that automated attendant selector 
codes do not permit outside line selection.
Change/Run
#
#

Add page 206 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-18 MERLIN II Communications System R3 
6
Protecting Automated Attendant on the
DEFINITY AUDIX System 
The DEFINITY AUDIX System provides automated attendant functionality. Follow 
all recommendations for protecting the switch in Chapter 4, as well as those for 
protecting the DEFINITY AUDIX System for the switch in Chapter 5. In addition, 
make sure that automated attendant selector codes do not permit outside line 
selection.
Protecting Automated Attendant on the Lucent
Technologies INTUITY System 
The Lucent Technologies INTUITY System provides automated attendant 
functionality. Follow all recommendations for protecting the switch in Chapter 4, 
as well as those for protecting the Lucent Technologies I
NTUITY System for the 
switch in Chapter 5. In addition, make sure that automated attendant selector 
codes do not permit outside line selection.
MERLIN II Communications 
System R3
MERLIN MAIL Voice Messaging System
The MERLIN MAIL Voice Messaging System provides the automated attendant 
feature. Follow all recommendations for protecting the MERLIN MAIL Voice 
Messaging System in Chapter 5. In addition, make sure that automated attendant 
selector codes do not permit outside line selection.
MERLIN Attendant
To help secure MERLIN Attendant against toll fraud, do the following:
nAdminister the lowest valid extension number (Lowest Extension) and the 
highest valid extension number (Highest Extension) for the range of valid 
extensions. Transfer attempts to extensions that fall outside the range will 
be disallowed.
nAdminister the maximum number of digits in the extension to match the dial 
plan.
nChange the default system password.

Add page 207 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-19 MERLIN LEGEND Communications System 
6
MERLIN LEGEND Communications 
System
AUDIX Voice Power System
The MERLIN LEGEND Communications System supports the AUDIX Voice 
Power System, which provides automated attendant functionality. Follow all 
recommendations for protecting the MERLIN LEGEND Communications System 
switch in Chapter 4, as well as those for protecting the AUDIX Voice Power 
System for the MERLIN LEGEND Communications System in Chapter 5. In 
addition, make sure that automated attendant selector codes do not permit 
outside line selection.
The AUDIX Voice Power System tracks traffic data over various timespans. 
Reviewing these reports on a regular basis helps to establish traffic trends. If 
increased activity or unusual usage patterns occur, they can be investigated 
immediately.
MERLIN MAIL, MERLIN MAIL-ML, and
MERLIN MAIL R3 Voice Messaging Systems
The MERLIN MAIL, MERLIN MAIL-ML, and MERLIN MAIL R3 Voice Messaging 
Systems provide the automated attendant feature. Follow all recommendations 
for protecting these systems in Chapter 5. In addition, make sure that automated 
attendant selector codes do not permit outside line selection.
MERLIN Attendant
To help secure MERLIN Attendant against toll fraud, do the following:
nAdminister the lowest valid extension number (Lowest Extension) and the 
highest valid extension number (Highest Extension) for the range of valid 
extensions. Transfer attempts to extensions that fall outside the range will 
be disallowed.
nAdminister the maximum number of digits in the extension to match the dial 
plan.
nChange the default system password.

Add page 208 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-20 PARTNER II Communications System 
6
PARTNER II Communications System
The PARTNER II Communications System supports the PARTNER MAIL System, 
and the PARTNER MAIL VS System.
PARTNER MAIL and PARTNER MAIL VS 
Systems
The PARTNER MAIL and PARTNER MAIL VS Systems provide the automated 
attendant feature. Follow all recommendations for protecting these systems in 
Chapter 5. 
PARTNER Attendant
To help secure PARTNER Attendant against toll fraud, do the following:
nAdminister the lowest valid extension number (Lowest Extension) and the 
highest valid extension number (Highest Extension) for the range of valid 
extensions. Transfer attempts to extensions that fall outside the range will 
be disallowed.
nAdminister the maximum number of digits in the extension to match the dial 
plan.
nChange the default system password.
PARTNER Plus Communications 
System
The PARTNER Plus Communications System R3.1 and later releases, supports 
the PARTNER MAIL System, and the PARTNER MAIL VS System.
PARTNER MAIL and PARTNER MAIL VS 
Systems
The PARTNER MAIL and PARTNER MAIL VS Systems provide the automated 
attendant feature. Follow all recommendations for protecting these systems in 
Chapter 5. 
PARTNER Attendant
To help secure PARTNER Attendant against toll fraud, do the following:
nAdminister the lowest valid extension number (Lowest Extension) and the 
highest valid extension number (Highest Extension) for the range of valid 
extensions. Transfer attempts to extensions that fall outside the range will 
be disallowed.

Add page 209 to Favourites

image text

Enable zoom

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Automated Attendant 
Page 6-21 System 25 
6
nAdminister the maximum number of digits in the extension to match the dial 
plan.
nChange the default system password.
System 25
AUDIX Voice Power System
System 25 supports the AUDIX Voice Power System, which provides automated 
attendant functionality. Follow all recommendations for protecting the System 25 
switch in Chapter 4, as well as those for protecting the AUDIX Voice Power 
System for System 25 in Chapter 5. In addition, make sure that automated 
attendant selector codes do not permit outside line selection.
The AUDIX Voice Power System tracks traffic data over various timespans. 
Reviewing these reports on a regular basis helps to establish traffic trends. If 
increased activity or unusual usage patterns occur, they can be investigated 
immediately.

Add page 210 to Favourites

Enable zoom

All Lucent Technologies manuals Comments (0)

Lucent Technologies BCS Products Security Handbook

Related Manuals for Lucent Technologies BCS Products Security Handbook